[release-branch.go1.20] net/http: pull http2 underflow fix from x/net/http2
authorMauri de Souza Meneguzzo <mauri870@gmail.com>
Thu, 26 Oct 2023 01:52:57 +0000 (01:52 +0000)
committerCherry Mui <cherryyz@google.com>
Mon, 30 Oct 2023 21:11:06 +0000 (21:11 +0000)
CL 534295, which was merged to fix a CVE, introduced
an underflow when sc.curHandlers is decremented
in handlerDone.

Pull in a fix from x/net/http2:
http2: fix underflow in http2 server push
https://go-review.googlesource.com/c/net/+/535595

For #63511
Fixes #63740

Change-Id: I5c678ce7dcc53635f3ad5e4999857cb120dfc1ab
GitHub-Last-Rev: 587ffa3cafbb9da6bc82ba8a5b83313f81e5c89b
GitHub-Pull-Request: golang/go#63561
Reviewed-on: https://go-review.googlesource.com/c/go/+/535575
Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit 0046c1414c4910dfe54abfcdbe18e565dd5a60f6)
Reviewed-on: https://go-review.googlesource.com/c/go/+/538095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
src/go.mod
src/go.sum
src/net/http/h2_bundle.go
src/vendor/modules.txt

index 2c59e161a2e2be83879d22f6e62f08eb33693d15..7a15940c8896b0a553954059a411839ee207720f 100644 (file)
@@ -4,7 +4,7 @@ go 1.20
 
 require (
        golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a
-       golang.org/x/net v0.4.1-0.20231010172015-16ed2c89e550
+       golang.org/x/net v0.4.1-0.20231027154331-b8c2abfc1559
 )
 
 require (
index 38e6e5b4ce9a1f5ae495fea1197fbef5bbdf680b..3ab018e39e5512b79b8be03f48478aa644ce79d5 100644 (file)
@@ -1,7 +1,7 @@
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a h1:diz9pEYuTIuLMJLs3rGDkeaTsNyRs6duYdFyPAxzE/U=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/net v0.4.1-0.20231010172015-16ed2c89e550 h1:esz6u1pHwcbo5lZtgSvsbxnii8/20eN+qlwyXIuCDf0=
-golang.org/x/net v0.4.1-0.20231010172015-16ed2c89e550/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.4.1-0.20231027154331-b8c2abfc1559 h1:ZYA0bvgfxBB+JecyQpRCT/HUR/bSwdk6OJUhJ3CNLxg=
+golang.org/x/net v0.4.1-0.20231027154331-b8c2abfc1559/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
index 1f6d264c16ecdadb127381fcc4fbb0b76ffeb774..e719b5d23fbc3e37ef557bbeee659d71a49a499c 100644 (file)
@@ -6948,6 +6948,7 @@ func (sc *http2serverConn) startPush(msg *http2startPushRequest) {
                        panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
                }
 
+               sc.curHandlers++
                go sc.runHandler(rw, req, sc.handler.ServeHTTP)
                return promisedID, nil
        }
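Review bot: The added `sc.curHandlers++` in startPush has no comment tying it to the decrement in handlerDone that the commit message describes, so the invariant this fix restores is invisible at the call site. I would put `// Count the pushed handler before starting it; handlerDone decrements sc.curHandlers for every handler that runs.` directly above the increment. The increment is also unconditional in the visible lines, so it is worth confirming against the rest of startPush (which starts and ends outside this hunk) whether pushed handlers are meant to be held to the same concurrent-handler limit as ordinary requests. The commit's file list contains no test, so a regression test for the push path presumably lives with the x/net change and should be checked there.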
index 596113312705de04aa5a74c0a2749d747a66e94e..7563827b227a12029a31898709ec25dcae776c7e 100644 (file)
@@ -7,7 +7,7 @@ golang.org/x/crypto/cryptobyte/asn1
 golang.org/x/crypto/hkdf
 golang.org/x/crypto/internal/alias
 golang.org/x/crypto/internal/poly1305
-# golang.org/x/net v0.4.1-0.20231010172015-16ed2c89e550
+# golang.org/x/net v0.4.1-0.20231027154331-b8c2abfc1559
 ## explicit; go 1.17
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts